oss-sec mailing list archives
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 04 May 2012 10:12:56 -0600
On 05/04/2012 01:32 AM, Henri Salo wrote:

> On Fri, Mar 23, 2012 at 09:09:30AM -0600, Kurt Seifried wrote:
>> On 03/23/2012 04:00 AM, Henri Salo wrote:
>>> Can I get CVE-identifiers for these two security vulnerabilities?
>>>
>>> http://osvdb.org/show/osvdb/78105 COMPASS-2012-001
>>> http://osvdb.org/show/osvdb/78106 COMPASS-2012-002
>>>
>>> - Henri Salo
>>
>> I'm going to need some original vendor information (name, site, etc.).
>>
>> --
>> Kurt Seifried
>> Red Hat Security Response Team (SRT)
>
> Hello Kurt and list,
>
> I received the following information from Paco Avila from OpenKM. I hope this clarifies things.
Perfect, thanks!
> "OpenKM Permission Weakness Admin Privilege Escalation"
> COMPASS-2012-001 / OSVDB:78105 / SA47424
> Diff: AuthServlet.diff
> Issue tracker: http://issues.openkm.com/view.php?id=1973
Please use CVE-2012-2315 for this issue.
> "OpenKM Arbitrary Admin User Creation CSRF"
> COMPASS-2012-002 / OSVDB:78106 / SA47420
> Diff: scripting.diff
> Issue tracker: http://issues.openkm.com/view.php?id=1750
Please use CVE-2012-2316 for this issue.
> - Henri Salo
--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993